Recently I needed to set up a GoPhish instance that runs as a service and presents its landing page via a fully qualified domain name over SSL. I couldn't find a succinct guide with all the steps that worked, so I have compiled this post for others who may need to set up the same configuration.
Below is a list of steps to achieve this on Ubuntu, which I collated from these sources:
- https://gophish.gitbooks.io/user-guide/content/installation.html
- https://medium.com/@immure/setting-up-gophish-on-aws-c2f2fd78b7e9
- https://www.n00py.io/2017/09/phishing-with-gophish-and-letsencrypt/
I have also added a few specific steps which I needed to create to get the GoPhish service to start once I had installed it.
Installing GoPhish
Step 1: Install Unzip.
This is needed to unzip the GoPhish installation files once you have downloaded them.
sudo apt install unzip
Step 2: Download GoPhish.
At the time of writing the current version was 0.5.0.
wget https://github.com/gophish/gophish/releases/download/v0.5.0/gophish-v0.5.0-linux-64bit.zip
Step 3: Create a gophish folder under the /opt directory.
sudo mkdir /opt/gophish
Step 4: Unzip the GoPhish files to your newly created gophish directory.
sudo unzip gophish-v0.5.0-linux-64bit.zip -d /opt/gophish
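Step 5: Configure the listen address to allow remote access to the admin console.
This replaces 127.0.0.1 with 0.0.0.0 in config.json, so the admin console listens on every interface; restrict access to port 3333 with a firewall rule or security group.
sudo sed -i 's!127.0.0.1!0.0.0.0!g' /opt/gophish/config.json
Step 6: Test that GoPhish starts and that you can access the admin console.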
cd /opt/gophish
sudo ./gophish
Open a browser and navigate to https://<IP of GoPhish Server>:3333
Hit CTRL + C to end your GoPhish session.
Creating and configuring the GoPhish service
Now that we have a basic GoPhish install up and running, we can configure it to run as a service. The script can be found here: https://github.com/gophish/gophish/issues/586 which is described in the GoPhish installation guide.
Step 1: Create the gophish service file and copy in the script.
sudo nano /etc/init.d/gophish
Script:
#!/bin/bash
# /etc/init.d/gophish
# initialization file for stop/start of gophish application server
# description: stops/starts gophish application server
# processname:gophish
# config:/opt/gophish/config.json

# define script variables
processName=Gophish
process=gophish
appDirectory=/opt/gophish
logfile=/var/log/gophish/gophish.log
errfile=/var/log/gophish/gophish.error

start() {
    echo "Starting ${processName}..."
    cd "${appDirectory}" || exit 1
    # run in the background, appending stdout and stderr to the log files
    nohup ./$process >>$logfile 2>>$errfile &
    sleep 1
}

stop() {
    echo "Stopping ${processName}..."
    # pidof is looked up via PATH because its location differs between distributions
    pid=$(pidof ${process})
    # only signal the process if one was found
    [[ -n "$pid" ]] && kill ${pid}
    sleep 1
}

status() {
    pid=$(pidof ${process})
    if [[ "$pid" != "" ]]; then
        echo "${processName} is running..."
    else
        echo "${processName} is not running..."
    fi
}

case $1 in
    start|stop|status) "$1" ;;
esac
Press CTRL + X to exit, then y and Enter to save changes.
Step 2: Create the gophish log directory
sudo mkdir /var/log/gophish
Step 3: Make the gophish script file executable
sudo chmod +x /etc/init.d/gophish
Step 4: Add the gophish service to update-rc.d to ensure it starts every time your server starts.
You may get a warning that states ‘insserv: warning: script ‘gophish’ missing LSB tags and overrides’. You can ignore this.
sudo update-rc.d gophish defaults
Step 5: Start the gophish service and test GoPhish
sudo service gophish start
Open a browser and navigate to https://<IP of GoPhish Server>:3333
Configuring the GoPhish listener to serve requests over SSL
Now we can install the SSL cert for the domain you will be using for your phishing campaign. I tried OpenSSL but have found LetsEncrypt works best so I followed the steps found in N00PY’s blog post.
Step 1: Download CertBot-Auto
sudo wget https://dl.eff.org/certbot-auto
Step 2: Make certbot-auto executable
sudo chmod a+x certbot-auto
Step 3: Run the certbot-auto script.
Once it has installed a few prerequisites, you will be prompted to accept certain terms and conditions as well as provide the information needed for the certificate to be created. You will also be prompted to create a TXT record for the domain, so ensure you have the necessary access and that you are ready to create the record when prompted to do so by the script.
sudo ./certbot-auto certonly -d <your domain> --manual --preferred-challenges dns
Step 4: Copy the key and cert files to the gophish directory
sudo cp /etc/letsencrypt/live/<your domain>/privkey.pem /opt/gophish/domain.key
sudo cp /etc/letsencrypt/live/<your domain>/fullchain.pem /opt/gophish/domain.crt
Step 5: Amend the configuration of config.json with your new certificate information.
Change the url port from 80 to 443, change use_tls from false to true, change cert_path from example.cert to domain.crt and key_path from example.key to domain.key.
sudo nano /opt/gophish/config.json
Once done, press CTRL + X to exit, then y and Enter to save changes.
Step 6: Reboot for all settings to take effect
sudo reboot
Once your server restarts you should now have a working GoPhish server where GoPhish is running as a service and your target domain is being served via HTTPS.
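A quick audit of the finished config.json, as an added example that is not part of the original post or of GoPhish itself: it confirms the phishing listener is on port 443 with TLS and that the certificate and key files exist, and it flags a private key readable by other users or an admin console bound to all interfaces. The admin_server/phish_server sections and the listen_url key are assumed from GoPhish's default config.json layout, and the sample config is constructed.

```python
import json
import os
import stat

# Constructed sample: the assumed default GoPhish layout after the sed edit
# in the install section, but before the TLS changes have been made.
SAMPLE_CONFIG = """{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false,
                   "cert_path": "example.crt", "key_path": "example.key"}
}"""


def audit_config(config_text, base_dir="/opt/gophish"):
    """Return a list of findings for the text of a GoPhish config.json."""
    cfg = json.loads(config_text)
    phish = cfg.get("phish_server", {})
    admin = cfg.get("admin_server", {})
    findings = []

    # The landing page should be served on 443 with TLS switched on.
    _, _, port = phish.get("listen_url", "").rpartition(":")
    if port != "443":
        findings.append(f"phish_server listens on port {port or '?'}, expected 443")
    if phish.get("use_tls") is not True:
        findings.append("phish_server use_tls is not true")

    # Relative cert/key paths are resolved against the GoPhish directory.
    for key in ("cert_path", "key_path"):
        path = os.path.join(base_dir, phish.get(key, ""))
        if not os.path.isfile(path):
            findings.append(f"phish_server {key} not found: {path}")
        elif key == "key_path" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"private key readable beyond owner: {path}")

    # The admin console is reachable remotely once bound to 0.0.0.0.
    if admin.get("listen_url", "").startswith("0.0.0.0:"):
        findings.append("admin_server listens on all interfaces; firewall its port")
    if admin.get("use_tls") is not True:
        findings.append("admin_server use_tls is not true")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("-", finding)
```

To check a real install, pass the contents of /opt/gophish/config.json to audit_config(); a key copied with a plain cp usually needs chmod 600 to clear the permission finding.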
The post GoPhish as a service over SSL on Ubuntu appeared first on Chris Lazari.
Article Link: https://chrislazari.com/gophish-service-ssl-ubuntu/